
NVIDIA Optimus Problems After Virus Removal

Hello everyone, first of all, I'm sorry for the inconveniences I may cause the ones willing to help me with this issue as I am a bit of a newb when it comes to these things.

To make matters as simple as possible, let me explain the situation:

I own a laptop which I use at home for HD family video editing. It's a Dell XPS 15 L502X with a 2nd Generation Core i7-2860QM and an Nvidia Geforce GT 540M with Optimus Technology running on Windows 7 Home Premium 64-bit. The NVIDIA Optimus technology is supposed to switch between Intel HD Graphics and NVIDIA Accelerated Graphics when the application demands it. Therefore, it is of great importance to me to have this technology working, since editing 1080p footage using the Intel HD Graphics is not a pleasant experience.

However, this laptop got infected with a nasty virus, which stole some of my information, including credit card information and other sensitive data. I sent the computer to repair, but this bore no results. The person trying to eliminate the virus said he was unable to do so and thus he recommended reinstalling Windows completely. The problem is, I have gigabytes of valuable data in this computer accompanied by a lot of software I would not even want to start reinstalling. Thus, I turned to the IT person at my work, who took the laptop for the day and ran some tools to clean it. To my surprise, he was able to remove the virus and my computer was completely normal and stable. However, it was only a week after (yesterday) when I went to edit some footage that I noticed that my NVIDIA card was not running when needed. I tried forcing the card (by making it the default graphics card for every application) to run, but with no results. This is when I called the guy that removed the virus to ask him if he knew anything about this and he said he would check online. An hour later he called me saying that one of the tools he used (Combofix) may have corrupted my registry and so it may have rendered my graphics card useless. He told me the only solution would be to reinstall Windows (again, not an option).

So now, here I am, turning to this great forum in search of an answer. I am willing to provide any information regarding what the IT person did (I told him I would contact a forum, so he provided me with everything he did).

Yes, I tried updating the NVIDIA as well as the Intel HD Graphics drivers, but to no avail...

The logs you asked for are attached to this post.

Also, one more thing to mention. The folder "Qoobox" was created in C:\, and that contains the Combofix logs, some quarantine folders, and also a Snapshot.(numbers).dat file which is the biggest file in the folder.

I'm starting to get inclined towards a "vulnerability" that Combofix may have "closed" from the point of view of how the NVIDIA Optimus technology works. Optimus technology basically enables and disables hardware as software runs. For instance, if I was only using a word processor, the computer would be using the Intel HD Graphics. However, if I change to running Adobe Premiere to edit HD video, the NVIDIA card kicks in and the HD Graphics is disabled. Now, I can see why this would be considered "dangerous" by some security tools. I'm not sure how to read Combofix logs, and from what I've researched, this information will not be given to me. However, I believe it's more of a registry thing concerning a Windows setting more than it is a driver issue. Is there any way to find out through the Combofix log exactly what has been changed in the registry?

We'll restore everything removed by ComboFix. Let me know if that resolves the issue, then I can report back to the developer. It has since been updated, so there may have been a bug in the version you ran.

(I'll restore the files that are likely infected too, then I'll have you download a new version and see if the same files are targeted or not.)

Please do the following:

To restore the registry items, it is a little more complicated, but please do this:

Open Windows Explorer and navigate to this folder:

C:\QooBox\Quarantine\Registry_Backups

In the right hand panel, locate these files:

C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
C:\Qoobox\Quarantine\Registry_backups\AddRemove-tsimtnccxx.reg.dat
C:\Qoobox\Quarantine\Registry_backups\AddRemove-ATR_72500.reg.dat
C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynTPEnh.reg.dat
C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

You will need to delete the extra extension so the file ends in .reg, just like the first file on the list.

E.g., for

C:\Qoobox\Quarantine\Registry_backups\AddRemove-tsimtnccxx.reg.dat

remove the .dat so you have this remaining:

C:\Qoobox\Quarantine\Registry_backups\AddRemove-tsimtnccxx.reg

To do that right click on the files, select rename

remove only the .dat from the end of the filename

left click near the file name to ensure the rename is correct

Do the same for each file listed

Next double click the renamed files to ALLOW them to merge into the registry

NEXT

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.

They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, click OK.

This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

However, I managed to fix my problem without having to reinstall everything. I followed a tutorial on how to perform a "repair" installation, which basically restored all my windows files without touching my programs and settings. After performing this "repair" install, which was a lengthy process, my drivers would still not work. However, I uninstalled both the NVIDIA and the Intel graphics drivers, and reinstalled them (First Intel, then NVIDIA). I have to say I downloaded the Intel drivers from the Dell website, and NVIDIA drivers were just straight from nvidia. After doing this, Optimus was running fine, and everything was working the way it's supposed to.

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
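For the registry-restore step in the thread (renaming the quarantined backups to .reg and merging them), the following added example, which is not part of the original thread and is not ComboFix code, lists the changes each file would make so they can be reviewed before double-clicking. It assumes the backups are ordinary .reg text files, as the merge step implies; `decode_reg`, `parse_reg` and the `SAMPLE` contents are constructed for illustration.

```python
import re
import sys
from pathlib import Path

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Constructed sample, not taken from the thread's quarantine folder.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleApp"="C:\\Program Files\\Example\\app.exe"
"OldEntry"=-
"Blob"=hex:01,02,\
  03,04

[-HKEY_LOCAL_MACHINE\SOFTWARE\Example\Stale]
'''

def decode_reg(raw: bytes) -> str:
    """Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 files are ANSI."""
    return raw.decode("utf-16") if raw.startswith(b"\xff\xfe") else raw.decode("latin-1")

def parse_reg(text: str):
    """Return (action, key, value_name, data) for each change a merge would make."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing .reg header; do not merge this file")
    ops, key, pending = [], None, ""
    for line in lines[1:]:
        if line.endswith(",\\"):             # hex data continued on the next line
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        if m := KEY_RE.match(line):          # "[-KEY]" deletes the whole key
            key = m.group(2)
            ops.append(("delete-key" if m.group(1) else "open-key", key, None, None))
        elif (m := VALUE_RE.match(line)) and key:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            data = m.group(2)                # a bare "-" removes the value
            ops.append(("delete-value", key, name, None) if data == "-"
                       else ("set-value", key, name, data))
    return ops

if __name__ == "__main__":
    for path in sys.argv[1:]:                # pass the renamed .reg files
        for op in parse_reg(decode_reg(Path(path).read_bytes())):
            print(path, *[field for field in op if field is not None])
```

Entries under a `Run` key or any `delete-key` line are the ones worth reading closely before merging, since they change what starts at logon or remove whole subtrees.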